authorAlbin <albin@mullvad.net>2022-12-14 09:05:48 +0100
committerAlbin <albin@mullvad.net>2022-12-14 09:05:48 +0100
commit9bb5ebd0406b63cd649b474de7ba8a6632ddc45c (patch)
tree31fc27ef346cd2819b0e9dcc8d37e3419f099952 /android/e2e
parent7c50040a46ccb9eaf31c143f6b41c318dbba5e24 (diff)
parentc23df87ff647d6876e21c0721560e7b4fafbb215 (diff)
Merge branch 'set-cve-suppression-expiration-to-2023-05-01'
Diffstat (limited to 'android/e2e')
-rw-r--r--android/e2e/e2e-suppression.xml29
1 files changed, 7 insertions, 22 deletions
diff --git a/android/e2e/e2e-suppression.xml b/android/e2e/e2e-suppression.xml
index 6b9f4202da..fcc7c35c01 100644
--- a/android/e2e/e2e-suppression.xml
+++ b/android/e2e/e2e-suppression.xml
@@ -4,22 +4,7 @@
CVEs in the e2e project are deemed less severe than CVEs in the main projects as CVEs in the e2e
project doesn't affect release or debug versions of the app.
-->
- <suppress>
- <notes><![CDATA[
- This CVE is a false positive as the description refers to a GO library (github.com/containers/storage).
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
- <cve>CVE-2021-20291</cve>
- </suppress>
- <suppress>
- <notes><![CDATA[
- This CVE is a false positive as javalite isn't affected according to:
- https://cloud.google.com/support/bulletins#gcp-2022-001
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
- <cve>CVE-2021-22569</cve>
- </suppress>
- <suppress>
+ <suppress until="2023-05-01Z">
<notes><![CDATA[
This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
]]></notes>
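Review bot: The entry that now opens with `<suppress until="2023-05-01Z">` keeps the note "This CVE is tracked externally and is therefore suppressed in the automatic audit checks." without saying where it is tracked. Once the `until` date passes and the finding resurfaces in the audit, whoever picks it up has no pointer for re-assessing the decision. The same bare note sits in the hunks at `@@ -27,7 +12,7 @@` and `@@ -62,7 +47,7 @@`; the other entries at least carry an advisory link. I would add a line inside each of these `<notes>` blocks along the lines of `Tracked in: <link to the tracking issue>` and, where known, a short reason the e2e project is not exposed. The `<suppress>` element continues past the end of this hunk, so its `packageUrl` lines are not visible here.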
@@ -27,7 +12,7 @@
<cve>CVE-2022-3171</cve>
<cve>CVE-2022-3510</cve>
</suppress>
- <suppress>
+ <suppress until="2023-05-01Z">
<notes><![CDATA[
This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
]]></notes>
@@ -37,7 +22,7 @@
<cve>CVE-2022-3510</cve>
<cve>CVE-2021-22569</cve>
</suppress>
- <suppress>
+ <suppress until="2023-05-01Z">
<notes><![CDATA[
This CVE affects the Apache Commons Net's FTP client that this app doesn't use.
https://www.openwall.com/lists/oss-security/2022/12/03/1
@@ -52,7 +37,7 @@
<packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
<cve>CVE-2021-37533</cve>
</suppress>
- <suppress>
+ <suppress until="2023-05-01Z">
<notes><![CDATA[
This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
https://nvd.nist.gov/vuln/detail/CVE-2021-29425
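Review bot: The context line `<packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>` at the top of this hunk suppresses CVE-2021-37533 for every `commons-*` group and artifact. The note on that entry (previous hunk) justifies it only by the app not using the Apache Commons Net FTP client. If the wildcard is there to silence false matches on other Commons artifacts, which is likely but not shown on this page, it would also hide the CVE should commons-net itself be pulled in later by a transitive dependency. Since this change revisits each entry to give it an expiry, consider listing the affected artifacts explicitly, one `packageUrl` each, e.g. `^pkg:maven/commons\-io/commons\-io@.*$`, instead of the double wildcard. The entry begins in the previous hunk and the lines between the two hunks are not shown, so it may already carry further `packageUrl` rules.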
@@ -62,7 +47,7 @@
<packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
<cve>CVE-2021-29425</cve>
</suppress>
- <suppress>
+ <suppress until="2023-05-01Z">
<notes><![CDATA[
This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
]]></notes>
@@ -76,7 +61,7 @@
<cve>CVE-2022-24823</cve>
<cve>CVE-2022-41915</cve>
</suppress>
- <suppress>
+ <suppress until="2023-05-01Z">
<notes><![CDATA[
This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
https://nvd.nist.gov/vuln/detail/CVE-2022-25647
@@ -86,7 +71,7 @@
<packageUrl regex="true">^pkg:maven/com\.google\.code\.gson/gson@.*$</packageUrl>
<cve>CVE-2022-25647</cve>
</suppress>
- <suppress>
+ <suppress until="2023-05-01Z">
<notes><![CDATA[
This CVE only affect Multiplatform Gradle Projects, which this project is not.
https://nvd.nist.gov/vuln/detail/CVE-2022-24329